Question No: 61

An administrator received a report that a user cannot connect to the headquarters site using Cisco AnyConnect and receives this error. The installer was not able to start the Cisco VPN client, clientless access is not available, Which option is a possible cause for this error?

The client version of Cisco AnyConnect is not compatible with the Cisco ASA software image.

The operating system of the client machine is not supported by Cisco AnyConnect.

The driver for Cisco AnyConnect is outdatate.

The installed version of Java is not compatible with Cisco AnyConnect.

Answer: C

Question No: 62

Which command configures IKEv2 symmetric identity authentication?

match identity remote address 0.0.0.0

authentication local pre-share

authentication pre-share

authentication remote rsa-sig

Answer: C

Question No: 63

Refer to the exhibit.

Which VPN solution does this configuration represent?

DMVPN

GETVPN

FlexVPN

site-to-site

Answer: B

Question No: 64

Which feature do you include in a highly available system to account for potential site failures?

geographical separation of redundant devices

hot/standby failover pairs

Cisco ACE load-balancing with VIP

dual power supplies

Answer: A

Question No: 65

Which technology is FlexVPN based on?

OER

VRF

IKEv2

an RSA nonce

Answer: C

Question No: 66

Which of the following could be used to configure remote access VPN Host-scan and pre- login policies?

ASDM

Connection-profile CLI command

Host-scan CLI command under the VPN group policy

Pre-login-check CLI command

Answer: A

Question No: 67

A network administrator is configuring AES encryption for the ISAKMP policy on an IOS router. Which two configurations are valid? (Choose two.)

crypto isakmp policy 10 encryption aes 254

crypto isakmp policy 10 encryption aes 192

crypto isakmp policy 10 encryption aes 256

crypto isakmp policy 10 encryption aes 196

crypto isakmp policy 10 encryption aes 199

crypto isakmp policy 10 encryption aes 64

Answer: B,C

Question No: 68

Scenario

Your organization has just implemented a Cisco AnyConnect SSL VPN solution. Using Cisco ASDM, answer the questions regarding the implementation.

Note: Not all screens or option selections are active for this exercise.

Topology

Default_Home

What two actions will be taken on translated packets when the AnyConnect users connect to the ASA? (Choose two.)

No action will be taken, they will keep their original assigned addresses

The source address will use the outside-nat-pool

The source NAT type will be a static translation

The source NAT type will be a dynamic translation

DNS will be translated on rule matches

Answer: A,C Explanation:

First, navigate to the Configuration -gt;NAT Rules tab to see this:

Here we see that NAT rule 2 applies to the AnyConnect clients, click on this rule for more details to see the following:

Here we see that it is a static source NAT entry, but that the Source and Destination addresses remain the original IP address so they are not translated.

Question No: 70

A Cisco IOS SSL VPN gateway is configured to operate in clientless mode so that users can access file shares on a Microsoft Windows 2003 server. Which protocol is used between the Cisco IOS router and the Windows server?